{"containers": {"cna": {"affected": [{"product": "Identity Manager Applications", "vendor": "NetIQ", "versions": [{"lessThan": "4.5.6.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2017-09-11T00:00:00", "descriptions": [{"lang": "en", "value": "Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "information exposure due to unencrypted credentials in GET Urls", "lang": "en", "type": "text"}]}, {"descriptions": [{"cweId": "CWE-598", "description": "CWE-598", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:16:01", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://download.novell.com/Download?buildid=K7lbPAGJyIk~"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1049143"}], "source": {"defect": ["1049143"], "discovery": "EXTERNAL"}, "title": "Novell Identity Manager User Application get request url contains the session token.", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "DATE_PUBLIC": "2017-09-11T00:00:00.000Z", "ID": "CVE-2017-9280", "STATE": "PUBLIC", "TITLE": "Novell Identity Manager User Application get request url contains the session token."}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Identity Manager Applications", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "4.5.6.1"}]}}]}, "vendor_name": "NetIQ"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "information exposure due to unencrypted credentials in GET Urls"}]}, {"description": [{"lang": "eng", "value": "CWE-598"}]}]}, "references": {"reference_data": [{"name": "https://download.novell.com/Download?buildid=K7lbPAGJyIk~", "refsource": "CONFIRM", "url": "https://download.novell.com/Download?buildid=K7lbPAGJyIk~"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=1049143", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1049143"}]}, "source": {"defect": ["1049143"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:02:44.156Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://download.novell.com/Download?buildid=K7lbPAGJyIk~"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1049143"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2017-9280", "datePublished": "2018-03-02T20:00:00Z", "dateReserved": "2017-05-29T00:00:00", "dateUpdated": "2024-09-16T17:42:50.340Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netiq:identity_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B66D9825-C8A9-45E2-B932-BA2444FCA62E", "versionEndExcluding": "4.5.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar."}, {"lang": "es", "value": "Algunas versiones de NetIQ Identity Manager Applications anteriores a la Identity Manager 4.5.6.1 inclu\u00edan el token de sesi\u00f3n en las URL GET. Esto podr\u00eda permitir se expongan sesiones de usuario a terceros mediante proxies, url de referencia o similares."}], "id": "CVE-2017-9280", "lastModified": "2024-11-21T03:35:44.927", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@opentext.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-02T20:29:00.957", "references": [{"source": "security@opentext.com", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1049143"}, {"source": "security@opentext.com", "url": "https://download.novell.com/Download?buildid=K7lbPAGJyIk~"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1049143"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://download.novell.com/Download?buildid=K7lbPAGJyIk~"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-598"}], "source": "security@opentext.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}